refactor: delegate to cookie package

author: mo khan <mo@mokhan.ca> 2025-05-07 08:46:32 -0700
committer: mo khan <mo@mokhan.ca> 2025-05-07 08:46:32 -0700
commit: f417e03cb09024743baf2f749e4309032afd5f39 (patch)
tree: c2449a35404af96a2395f8716a0901a80c63bf94 /app/controllers/sessions
parent: d3cb17f8032d95f0f8805a0ce74fe5fc41714bb8 (diff)
2 files changed, 14 insertions, 3 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
index b9240c6..50aac63 100644
--- a/app/controllers/sessions/controller.go
+++ b/app/controllers/sessions/controller.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"time"
 
+	xcookie "github.com/xlgmokha/x/pkg/cookie"
 	"github.com/xlgmokha/x/pkg/log"
 	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/middleware"
 	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
@@ -37,8 +38,8 @@ func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
 	http.SetCookie(w, cookie.New(
 		"oauth_state",
 		nonce,
-		cookie.WithSameSite(http.SameSiteLaxMode),
-		cookie.WithExpiration(time.Now().Add(10*time.Minute)),
+		xcookie.WithSameSite(http.SameSiteLaxMode),
+		xcookie.WithExpiration(time.Now().Add(10*time.Minute)),
 	))
 	http.Redirect(w, r, url, http.StatusFound)
 }
@@ -138,7 +139,7 @@ func (c *Controller) Create(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	http.SetCookie(w, cookie.New("session", encoded, cookie.WithExpiration(tokens.Expiry)))
+	http.SetCookie(w, cookie.New("session", encoded, xcookie.WithExpiration(tokens.Expiry)))
 	http.Redirect(w, r, "/dashboard", http.StatusFound)
 }
 
diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
index c40dbe7..8efc813 100644
--- a/app/controllers/sessions/controller_test.go
+++ b/app/controllers/sessions/controller_test.go
@@ -6,10 +6,12 @@ import (
 	"net/http"
 	"net/url"
 	"testing"
+	"time"
 
 	"github.com/oauth2-proxy/mockoidc"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/xlgmokha/x/pkg/x"
 	xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
 	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
@@ -150,6 +152,14 @@ func TestSessions(t *testing.T) {
 				sub, err := token.Claims.GetSubject()
 				require.NoError(t, err)
 				assert.Equal(t, user.Subject, sub)
+
+				assert.Equal(t, "/", cookie.Path)
+				assert.Equal(t, "localhost", cookie.Domain)
+				assert.Equal(t, "session", cookie.Name)
+				assert.Zero(t, cookie.SameSite)
+				assert.Equal(t, x.Must(time.Parse(time.RFC3339, tokens["expiry"].(string))).Unix(), cookie.Expires.Unix())
+				assert.True(t, cookie.HttpOnly)
+				assert.True(t, cookie.Secure)
 			})
 
 			t.Run("stores the refresh token in a session cookie", func(t *testing.T) {
author	mo khan <mo@mokhan.ca>	2025-05-07 08:46:32 -0700
committer	mo khan <mo@mokhan.ca>	2025-05-07 08:46:32 -0700
commit	f417e03cb09024743baf2f749e4309032afd5f39 (patch)
tree	c2449a35404af96a2395f8716a0901a80c63bf94 /app/controllers/sessions
parent	d3cb17f8032d95f0f8805a0ce74fe5fc41714bb8 (diff)